Cyware Situational Awareness Platform

Prerequisites

Ensure that the following prerequisites are met before initiating deployment. To use this guide successfully, Cyware recommends that users be familiar with deploying software on Linux servers and installing a database on the Linux Enterprise Server.

Note

The default shell that is used for the Collaborate deployment is Bash.

Collaborate License

Ensure that you have a valid Collaborate license key before you deploy the Collaborate application and database services. After a successful deployment, you must enter the license key to activate and access the Collaborate application. Contact Cyware support to get the license key.

Privileges

You must have sudo user privileges to perform the deployment and installation on your servers. The sudo command allows you to run programs as the root user and execute specific system commands at the root level of the system. You must have passwordless sudo privileges on all the required servers so that commands run without a password prompt. Before handing over the server to the Cyware deployment team, share the system hardening controls that may have been applied to the operating system.

Create OS User

You must create a user in the OS with user ID and group ID 1000 on each server. To create a user in the OS, run the following command:

sudo useradd -u 1000 <username>

SSH Communication

You must enable passwordless SSH authentication for the user with user and group ID 1000 on each server. This allows seamless SSH communication from the installer server to the Web App and Database servers. For more information, see Set up Passwordless SSH Authentication.

Network Requirements

Share your Public Gateway IP address with the Cyware team, so that we can add your IP address to our Allow Lists and enable your access to our repository domains.

Server Requirements 

  • The supported operating systems for installation and configuration of Collaborate are RHEL and CentOS versions 7.7, 7.8, 7.9, 8.1, 8.2, 8.3, 8.4, 8.5, and 8.6.

  • Synchronize the server used in the Collaborate deployment with the Network Time Protocol server of the organization. To check if the system clock is synchronized and NTP is active, run the following command:

    timedatectl
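The field names that timedatectl prints differ between the supported releases: RHEL/CentOS 7.x reports "NTP enabled" and "NTP synchronized", while 8.x reports "NTP service" and "System clock synchronized". The following added example (not part of the Cyware documentation) reduces either format to a single status; the function name and the sample outputs are constructed for illustration.

```shell
# Added example (not Cyware code): interpret timedatectl output on the
# RHEL/CentOS 7.x and 8.x releases listed above.

# ntp_status reads timedatectl output on stdin and prints one of:
#   ok            NTP client on and clock synchronized
#   not-synced    NTP client on, clock not synchronized yet
#   ntp-disabled  NTP client off
#   unknown       expected fields not found
ntp_status() {
  awk -F': *' '
    { key = $1; sub(/^[ \t]+/, "", key); val = $2; sub(/[ \t\r]+$/, "", val) }
    # Field names printed on 7.x
    key == "NTP enabled"               { svc = (val == "yes");    have_svc = 1 }
    key == "NTP synchronized"          { syn = (val == "yes");    have_syn = 1 }
    # Field names printed on 8.x
    key == "NTP service"               { svc = (val == "active"); have_svc = 1 }
    key == "System clock synchronized" { syn = (val == "yes");    have_syn = 1 }
    END {
      if (!have_svc || !have_syn) print "unknown"
      else if (!svc)              print "ntp-disabled"
      else if (!syn)              print "not-synced"
      else                        print "ok"
    }'
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_RHEL7='      Local time: Mon 2023-01-09 10:15:02 UTC
       Time zone: UTC (UTC, +0000)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no'

SAMPLE_RHEL8='               Local time: Mon 2023-01-09 10:15:02 UTC
                Time zone: UTC (UTC, +0000)
System clock synchronized: no
              NTP service: active
          RTC in local TZ: no'

printf '%s\n' "$SAMPLE_RHEL7" | ntp_status   # ok
printf '%s\n' "$SAMPLE_RHEL8" | ntp_status   # not-synced
```

On a server, pipe the live output through the function: timedatectl | ntp_status.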

Allow Domains and URLs

Cyware Domains 

Add the following Cyware domains to your Allow List. You will require access to these domains during the deployment to download the installation package. You will also need access to the production license server and Help Center for Collaborate.

  • The Docker registries from which the installer and configuration files can be downloaded:

    • https://packages.cyware.com/ 

    • https://prod.packages.cyware.com 

  • https://cylms.cyware.com: License management repository that stores license properties and details allocated to an instance of a Cyware product.

  • https://support.cyware.com/hc/en-us: ITSM portal for customers to contact the Cyware support team for assistance.

  • https://techdocs.cyware.com: Technical documentation portal of Cyware.

  • https://feeds.cyware.com: Stores the threat feeds provided by Cyware.

    Note

    This URL also enables you to retrieve automated RSS alerts.

External URLs 

Allow outbound connections to the following URLs from the Application servers:

  • (Optional) SSO/SAML URL: Add the embed URL of the SSO/SAML authentication app that you are using to the Allow List. For more information, see Configure SAML 2.0 as the Authentication Method.

  • (Optional) LDAP URL: Add the URL of the LDAP authentication app you are using to the Allow List.

  • (Optional) Google Sign-In URL: Add the following URL to the Allow List to enable the Google Sign-In authentication method:

    https://accounts.google.com/gsi/client

  • (Optional) Data sync: Add the URL of the data sync app that you are using to the Allow List.

  • Google URLs: To render a widget in the Collaborate application that shows the Indicators of Compromise (IOCs) by country. The widget uses these APIs to render the world map.

    • www.gstatic.com 

    • maps.googleapis.com  

  • ATT&CK URLs: To fetch information from MITRE ATT&CK and populate Tactics and Techniques in the ATT&CK Heatmap feature of the application.

    • https://cti-taxii.mitre.org:443 

    • https://cti-taxii.mitre.org/stix/collections/ 

    • https://raw.githubusercontent.com 

  • Threat Defender Library URL: To fetch information from Amazon S3 buckets and populate the data into the OSINT Repo of the Threat Defender Library feature in the application.

    • https://defender-high-fidelity-prod.s3.amazonaws.com 

  • Third-party Integration Feed URLs: By default, Collaborate provides integrations with some third-party apps to receive feeds. Add the following URLs to receive alerts from the apps:

    • Intel471: https://api.intel471.com/

    • AbuseIPDB: https://api.abuseipdb.com/api/v2/

    • Flexera: https://app.secunia.com/api/ and https://api.app.secunia.com/api/

    • AlienVault: https://otx.alienvault.com/

    • ThreatStream: https://optic.threatstream.com/api/

Intranet Connectivity

| Source | Destination | Direction | Port | Comments |
| --- | --- | --- | --- | --- |
| Installer Server | Web App and Database Servers | Unidirectional | 22 | To enable SSH communication between the installer server and the Web App and Database servers. Port 22 is required only during installation and upgrade. |
| Proxy/Firewall | Web App Server | Unidirectional | 443 | To enable inbound traffic and outbound connection to the Apple server for iOS mobile app push notifications. |
| Web App Server | Proxy/Firewall | Unidirectional | TCP 5228, 5229, and 5230; UDP 5228, 5229, and 5230 | To enable outbound connection to the Google server for Android mobile app push notifications. |
| Web App and Database Servers | Web App and Database Servers | Bidirectional | TCP 2377 and 7946; UDP 7946 and 4789 | To enable Docker Swarm-related communications. |

Disk or Mount Point Requirements

Identify the details of storage mount points that are used for the installation of the application and database services. The expected mount point is /apps/cyware/. Make sure that the mount point has sufficient storage with storage disks mounted.

Proxy Configuration

If you have a proxy that acts as a gateway between your users and the internet, it must be configured in all the servers that you use for deployment to ensure network connectivity to Cyware repositories. You must share the proxy details with Cyware to configure the environment files. You can configure the proxy for Collaborate in the vars.yml file. For more information, see the Update Vars File section in Deployment Procedure.

For more information on how to configure the proxy on a Linux server, see Configure Proxy on Linux Server.

Domain Details

If you need the Collaborate platform to be available on a specific domain name, have these handy:

  • Domain Name: Custom domain name on which the platform should be accessible. For example: https://csap.myorg.com. You must add this domain to the Allow List to access the Collaborate application.

  • SSL Certificates are required with the following details:

    Note

    You can also generate and use a self-signed SSL certificate. For more information, see Create Self-Signed SSL Certificate. You must share the self-signed certificate with Cyware to use it with Nginx and the application packages.

    • Root, Intermediate, and Domain certificates in .crt format

    • The private key of the domain certificate

      Store the SSL Certificate (.crt) and Key (.key) files in the /etc/ssl directory as ssl.crt and ssl.key respectively.

  • DNS Configuration on Public/Internal DNS server: Configure domain name resolution on the application’s Web/Virtual IP/Loadbalancer’s IP address.

  • Any rule defined for backend load balancer or backend targets.

  • Share the traffic routing details from the user to the backend with Cyware.

Docker Requirements

The Collaborate application and database services run as Docker containers. Ensure that you meet all the prerequisites to install Docker. For more information, refer to the following prerequisites based on your OS:

Add Cyware Repository

Add the Cyware repository in your RedHat and CentOS-based distributions for the OS-level library installer to download the Collaborate installer package, Collaborate application images, and the OS dependencies that are required by Collaborate.

To add the Cyware repository to the installer server, do the following:

  1. To create and open a docker.repo file in the /etc/yum.repos.d/ directory, run the following command:

    vi /etc/yum.repos.d/docker.repo

  2. Update the docker.repo file with the Cyware repository details for your CentOS or RHEL distribution version. The repository details for each version are listed after these steps.

  3. Save and exit.

Repository details for CentOS and RHEL 7.x:

[cyware-docker]
name=Docker CE Stable
baseurl=https://packages.cyware.com/repository/docker-yum-proxy/7/$basearch/stable
enabled=1
gpgcheck=0
priority=1


[centosplus]
name=CentOS-7 - Plus
baseurl=https://packages.cyware.com/repository/cyware-yum-group/centos/7/centosplus/$basearch/
gpgcheck=0
enabled=1



[extras]
name=CentOS-7 - Extras
baseurl=https://packages.cyware.com/repository/cyware-yum-group/centos/7/extras/$basearch/
gpgcheck=0
enabled=1


[cr]
name=CentOS-7 - cr
baseurl=https://packages.cyware.com/repository/cyware-yum-group/centos/7/cr/$basearch/
gpgcheck=0
enabled=1



[fasttrack]
name=CentOS-7 - fasttrack
baseurl=https://packages.cyware.com/repository/cyware-yum-group/centos/7/fasttrack/$basearch/
gpgcheck=0
enabled=1

[os]
name=CentOS-7 - os
baseurl=https://packages.cyware.com/repository/cyware-yum-group/centos/7/os/$basearch/
gpgcheck=0
enabled=1

Repository details for CentOS and RHEL 8.x:

[cyware-docker]
name=Docker CE Stable
baseurl=https://packages.cyware.com/repository/docker-yum-proxy/linux/centos/8/$basearch/stable
enabled=1
gpgcheck=0
priority=1

[centosplus]
name=CentOS-8-stream - Plus
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/centosplus/$basearch/os/
gpgcheck=0
enabled=1
priority=2

[extras]
name=CentOS-8-stream - Extras
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/extras/$basearch/os/
gpgcheck=0
enabled=1
priority=2

[cr]
name=CentOS-8-stream - cr
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/cr/$basearch/os/
gpgcheck=0
enabled=1
priority=2

[Appstream]
name=CentOS-8-stream - Appstream
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/AppStream/$basearch/os/
gpgcheck=0
enabled=1
priority=2

[BaseOS]
name=CentOS-8-stream - BaseOS
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/BaseOS/$basearch/os/
gpgcheck=0
enabled=1
priority=2

[PowerTools]
name=CentOS-8-stream - PowerTools
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/PowerTools/$basearch/os/
gpgcheck=0
enabled=1
priority=2
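
Every stanza above sets gpgcheck=0, so yum installs packages from these repositories without verifying GPG signatures, and package integrity rests on the HTTPS connection to the repository. The following added example (not Cyware's code) lists which enabled repositories in a .repo file have signature checks off, so that the exception can be recorded with the hardening controls shared with the deployment team; the function names and the example-* stanzas are constructed for illustration.

```shell
# Added example (not Cyware code): list repositories in a yum .repo file
# that install packages without GPG signature verification.

# audit_repo reads .repo content on stdin and prints, per enabled repo:
#   <id> <signed|unsigned|inherit> <https|plain>
# "inherit" = no gpgcheck in the stanza, so the [main] value in yum.conf applies.
audit_repo() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    function report() {
      if (id == "" || tolower(enabled) ~ /^(0|no|false|off)$/) return
      sig = (gpg == "") ? "inherit" : (tolower(gpg) ~ /^(1|yes|true|on)$/ ? "signed" : "unsigned")
      printf "%s %s %s\n", id, sig, (url ~ /^https:\/\// ? "https" : "plain")
    }
    /^[ \t]*([#;]|$)/ { next }          # skip comments and blank lines
    /^[ \t]*\[/ {                        # a new [repo-id] stanza starts
      report()
      id = trim($0); gsub(/^\[|\]$/, "", id)
      gpg = ""; enabled = "1"; url = ""
      next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
      if (key == "gpgcheck") gpg = val
      else if (key == "enabled") enabled = val
      else if (key == "baseurl") url = val
    }
    END { report() }'
}

# unsigned_repos prints only the ids with signature checks turned off.
unsigned_repos() { audit_repo | awk '$2 == "unsigned" { print $1 }'; }

# First stanza is taken from the page (trimmed); the example-* stanzas are constructed.
SAMPLE_REPO='[cyware-docker]
baseurl=https://packages.cyware.com/repository/docker-yum-proxy/7/$basearch/stable
enabled=1
gpgcheck=0

[example-signed]
baseurl=http://mirror.example.internal/el7/
gpgcheck=1

[example-disabled]
baseurl=https://mirror.example.internal/el7-extra/
enabled=0
gpgcheck=0'
printf '%s\n' "$SAMPLE_REPO" | audit_repo
```

To audit the file created in the steps above, run: unsigned_repos < /etc/yum.repos.d/docker.repo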

Install Python

You must install Python version 3.9 on the installer server to run the Ansible script that deploys the Collaborate application and database services.

To install Python on the installer server, run the following commands.

sudo yum install wget -y
wget https://packages.cyware.com/repository/cyware/installer/python/install-python39.sh
bash install-python39.sh

Note

Installing Python version 3.9 does not affect an earlier version of Python if already installed on the server.

Update Path Variable

To update the path variable, do the following:

  1. Open the following files: ~/.bash_profile and ~/.bashrc.

    Note

    You need sudo privileges to modify these files. Use the sudo command to open these files. For example, sudo vi ~/.bashrc.

  2. Insert the following path variable at the end of the files.

    PATH=$PATH:/usr/local/bin:$HOME/bin

  3. Save and exit.

  4. Run the following commands:

    source ~/.bash_profile
    source ~/.bashrc

Install Ansible

You must install Ansible to run the Ansible script that deploys the Collaborate application and database services.

To install Ansible on the installer server, run the following command:

python3.9 -m pip install ansible -i https://packages.cyware.com/repository/pypi-group/simple/

To verify if Ansible is installed, run the following command:

ansible --version

Sample Output 

 [root@ip-10-xx-xx-20 bin]# ansible --version
ansible [core 2.13.6]
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.9.13 (main, Nov 18 2022, 05:59:41) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
  jinja version = 3.1.2
  libyaml = True

Install Unzip Command

You must install the unzip command to extract the Collaborate installer package. To install the unzip command, run the following command:

sudo yum install -y unzip